Module UserSystem
In: lib/user_system.rb

ユーザー管理に関するモジュール。

Methods

Protected Instance methods

Override this method if you want special behavior when the user is not authorized to access the current operation. The default action is to redirect to the login screen. Example use: a popup window might just close itself.


    # File lib/user_system.rb, line 26
# Handles a request that failed authentication by sending the client to the
# login action of the "/user" controller. For XHR requests the redirect is
# emitted through a render :update block (page.redirect_to) instead of a
# plain redirect_to. Controllers may override this for other handling.
def access_denied
  login_target = { :controller => "/user", :action => "login" }
  return redirect_to(login_target) unless request.xhr?

  render(:update) { |page| page.redirect_to url_for(login_target) }
end

The authenticate_user filter. To enable it, add:

  before_filter :authenticate_user


    # File lib/user_system.rb, line 14
# Filter entry point: returns true when authenticated_user? accepts the
# request. Otherwise it remembers the requested URI in session[:return_to],
# calls access_denied and returns false.
def authenticate_user
  unless authenticated_user?
    # Only the server-side request URI is stored, so the later redirect
    # back goes to the URI that was originally requested.
    session[:return_to] = request.request_uri
    access_denied
    return false
  end
  true
end


     # File lib/user_system.rb, line 79
 # Decides whether the current request belongs to a logged-in user.
 # Checks run in this order: REMOTE_USER from the request environment,
 # the User-Agent recorded in the session, session expiry, the user id
 # stored in the session, and finally an id/key token taken from params.
 # Returns true or false.
 def authenticated_user?
   # NOTE(review): REMOTE_USER is accepted without any further check. That is
   # only sound when the value is set by the web server or front end and can
   # never be supplied by the client -- confirm for each deployment.
   remote_user = request.env["REMOTE_USER"]
   return skip_authentication(remote_user) if remote_user

   # A session whose recorded User-Agent no longer matches the request is
   # logged to the login history and torn down.
   bound_agent = session[:user_agent]
   if bound_agent && bound_agent != request.env["HTTP_USER_AGENT"]
     logger.info "::: User-Agent changed, resetting session."
     stale_user = User.find_by_id(session[:user_id])
     create_login_history(stale_user, LoginHistory::RESULT_USER_AGENT_CHANGED)
     reset_login_session
     flash[:message] = s_("flash|message|Invalid request detected. Please login again.")
     return false
   end

   if session[:expires_at] && session_has_timed_out?
     logger.info "::: Session has expired, resetting session."
     expired_user = User.find_by_id(session[:user_id])
     create_login_history(expired_user, LoginHistory::RESULT_SESSION_TIMED_OUT)
     reset_login_session
     flash[:message] = s_("flash|message|Session has expired. Please login again.")
     return false
   end

   # Sliding expiry: every request that gets this far pushes the deadline out.
   if session[:expires_at]
     logger.info "::: Session has not expired. Reinitializing."
   else
     logger.info "::: Session expiry not initialized"
   end
   init_session_expiry

   if session[:user_id]
     @current_user = User.find_by_id(session[:user_id])
     User.current = @current_user
     return !@current_user.nil?
   end

   # No session user: fall back to the token created by the signup and
   # forgot-password actions.
   # NOTE(review): this path writes session[:user_id] directly. Unlike the
   # session branch above it does not set User.current, and it does not go
   # through init_login_session, so no User-Agent is recorded for the session
   # it creates -- confirm that this is intended.
   user_params = params['user']
   return false unless user_params

   token_id = user_params['id']
   token_key = params['key']
   return false unless token_id && token_key

   @current_user = User.authenticate_by_token(token_id, token_key)
   session[:user_id] = @current_user ? @current_user.id : nil
   !@current_user.nil?
 end


     # File lib/user_system.rb, line 144
# Saves one LoginHistory row describing a login-related event.
#
# user         - the User involved, or nil; when given, its id and domain_id
#                are copied onto the record
# result       - value stored in the record's result field
# program_type - defaults to LoginHistory::PROGRAM_TYPE_WEB
# login        - falls back to params["user"]["login"] when not passed
# password     - falls back to params["user"]["password"] when not passed
#
# Raises whatever save! raises when the record cannot be saved.
#
# NOTE(review): the submitted password is copied onto the history record as
# received, for every event recorded here. Unless LoginHistory hashes or drops
# it before saving (not visible in this file), this keeps credentials in
# clear text in the history table -- confirm, and prefer not recording it.
def create_login_history(user, result, program_type=::LoginHistory::PROGRAM_TYPE_WEB, login=nil, password=nil)
  entry = LoginHistory.new
  submitted = params["user"]
  if submitted
    login ||= submitted["login"]
    password ||= submitted["password"]
  end
  entry.login = login if login
  entry.password = password if password
  entry.result = result
  entry.remote_address = request.remote_ip
  entry.program_type = program_type
  if user
    entry.user_id = user.id
    entry.domain_id = user.domain_id
  end
  entry.save!
end


    # File lib/user_system.rb, line 61
# Marks +user+ as logged in: sets User.current, records the user id, login
# time, remote IP and User-Agent in the session, stores the current
# two-letter locale language on the user's person record when it differs
# from the saved one, and starts the session expiry timer.
#
# NOTE(review): the session is populated in place; no session reset or id
# rotation is visible here. If callers do not rotate the session before
# calling this, a session id known before login stays valid after it --
# confirm against the login action.
def init_login_session(user)
  User.current = user
  session[:user_id] = user.id
  session[:login_time] = Time.now
  session[:remote_ip] = request.remote_ip
  # This value is what authenticated_user? later compares with the
  # User-Agent of each request.
  session[:user_agent] = request.env["HTTP_USER_AGENT"]
  Person.transaction do
    owner = user.person
    saved_language = owner.last_language
    active_language = GetText.locale.language[0, 2]
    language_is_current = !saved_language.blank? && saved_language == active_language
    unless language_is_current
      owner.last_language = active_language
      owner.save!
    end
  end
  init_session_expiry
end


    # File lib/user_system.rb, line 53
# Sets session[:expires_at] to Clock.now plus the configured
# CONFIG[:session_times_out_in] interval.
# NOTE(review): the deadline is taken from Clock.now, while
# session_has_timed_out? compares it with Time.now -- confirm that both
# refer to the same clock.
def init_session_expiry
  idle_limit = CONFIG[:session_times_out_in]
  session[:expires_at] = Clock.now + idle_limit
end


    # File lib/user_system.rb, line 37
# Redirects to the location remembered in session[:return_to] and then
# clears it; when nothing is remembered, redirects to CONFIG[:default_url].
# NOTE(review): the target is used as stored. On this page the only writer
# is authenticate_user, which stores request.request_uri; any other writer
# that accepts a client-supplied URL would make this an open redirect.
def redirect_back_or_default
  remembered = session[:return_to]
  return redirect_to(CONFIG[:default_url]) if remembered.nil?

  redirect_to remembered
  session[:return_to] = nil
end


    # File lib/user_system.rb, line 46
# Logs the current user out of this session: clears the stored user id and
# login time, and unsets both @current_user and User.current.
# NOTE(review): only :user_id and :login_time are cleared. Other session keys
# written elsewhere in this module (:user_agent, :remote_ip, :expires_at,
# :return_to) are left in place and the session itself is not reset --
# confirm that this is intended.
def reset_login_session
  [:user_id, :login_time].each { |key| session[key] = nil }
  @current_user = nil
  User.current = nil
end


    # File lib/user_system.rb, line 57
# True once the current time is past the deadline in session[:expires_at].
# The caller on this page only invokes it when that key is set.
# NOTE(review): this compares against Time.now, while init_session_expiry
# computes the deadline from Clock.now; if Clock can differ from the system
# clock, confirm which source is intended.
def session_has_timed_out?
  deadline = session[:expires_at]
  Time.now > deadline
end


     # File lib/user_system.rb, line 131
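# Logs in the user named by +login+ without a password check. On this page
# it is called by authenticated_user? with the REMOTE_USER value from the
# request environment.
#
# Returns false when no User has that login, true after the login session
# has been initialised and a RESULT_LOGIN_SKIPPED history row written.
#
# NOTE(review): +login+ is trusted as an already-authenticated identity;
# that only holds if the caller's source for it cannot be set by the client.
def skip_authentication(login)
  @current_user = User.find_by_login(login)

  # The lookup result must be checked before it is dereferenced: the original
  # compared session[:user_id] with @current_user.id first, which fails on nil
  # for an unknown login. Fail closed instead, and drop any session left over
  # from another identity.
  if @current_user.nil?
    reset_login_session if session[:user_id]
    return false
  end

  # The session belongs to a different user than the one being asserted
  # now: discard it before logging the new user in.
  if session[:user_id] && session[:user_id] != @current_user.id
    logger.info "invalid session session[:user_id]=#{session[:user_id]} != #{@current_user.id}"
    reset_login_session
  end

  init_login_session(@current_user)
  flash["notice"] = s_("flash|notice|Login skipped")
  create_login_history(@current_user, LoginHistory::RESULT_LOGIN_SKIPPED)
  return true
end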
